DNS newbie needs help

Stephane Hebert

Hi folks,

Although I've been reading up on DNS, I can't seem to find a way to
implement what I want.

Here's my situation.

- LAN with a WinNT 4.0 file server. This is a FILE server. That's all it
does. It uses a domain, not a workgroup.
- An email server using Merak Email Server. OS is Win2K Pro.
- A mix of clients (win98, win2k pro and win xp home)
- We have a static IP from ISP
- We have a static dns account at dyndns.org. I'd like to get rid of that.
- We have three laptops that need to send/receive emails using our email
server using IMAP. These laptops are half of the time connected locally and
the other half on the road using dial-up.

The problem:

When the laptops are connected locally on the LAN, I have to setup the email
pop and smtp servers to point at the email server (192.168.0.3).
Obviously, this won't work once connected thru dial-up.
Also, if I specify the static IP supplied by our ISP when connected thru the
LAN, it doesn't work. Why ???
If I specify the static IP when connected thru dial-up then it works.

So to resolve this, I thought that it would be nice if I could just set up
the laptop to use something like mail.myowndowmain.com and have this point
to my email server no matter how the laptop is connected. I would rather
not use the dyndns.org service and have my own name instead of
whatever.dyndns.org.
I realize that I need to get a new domain name registered, but once I get
that, how do I setup my email server and LAN for all of this to work ?

Sorry for the ignorance and thanks in advance to all who reply.

Stephane Hebert
 
In
Stephane Hebert said:
Hi folks,

Although I've been reading up on DNS, I can't seem to find a way to
implement what I want.

Here's my situation.

- LAN with a WinNT 4.0 file server. This is a FILE server. That's
all it does. It uses a domain, not a workgroup.
- An email server using Merak Email Server. OS is Win2K Pro.
- A mix of clients (win98, win2k pro and win xp home)
- We have a static IP from ISP
- We have a static dns account at dyndns.org. I'd like to get rid of
that.
- We have three laptops that need to send/receive emails using our
email server using IMAP. These laptops are half of the time
connected locally and the other half on the road using dial-up.

The problem:

When the laptops are connected locally on the LAN, I have to setup
the email pop and smtp servers to point at the email server
(192.168.0.3).
Obviously, this won't work once connected thru dial-up.
Also, if I specify the static IP supplied by our ISP when connected
thru the LAN, it doesn't work. Why ???
If I specify the static IP when connected thru dial-up then it works.

So to resolve this, I thought that it would be nice if I could just
set up the laptop to use something like mail.myowndowmain.com and
have this point to my email server no matter how the laptop is
connected. I would rather not use the dyndns.org service and have my
own name instead of whatever.dyndns.org.
I realize that I need to get a new domain name registered, but once I
get that, how do I setup my email server and LAN for all of this to
work ?

Sorry for the ignorance and thanks in advance to all who reply.

Stephane Hebert

To make it work internally, you'll need to install and configure a DNS
server, create your external zone name on that internal server, and provide
the private IPs. Only set your internal clients to use the internal DNS.
Configure a forwarder to efficiently resolve external names. The reason is
when the internal clients ask your outside DNS, it gives the WAN IP as the
response, but a NAT server cannot take an internal request to its external
interface and remap it back in. It's a NAT limitation.

If you want to host DNS instead of DynDNS, then you will need two DNS
servers. One as stated above with only private IPs, and one for public IPs
that Internet queries will use to resolve your external WAN IP. Of course,
you would need to register it as a hostname server with the registrar. Keep
in mind, they actually need two nameservers minimum per domain, but with
using NAT, that's a huge limitation. I would suggest to keep it hosted
externally. It's easier, less headaches, less hardware and cheaper in the
long run, unless of course you want to become an ISP?

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Ace,

Man am I lost.

OK, I installed the DNS server service on my WinNT box but I'm confused for
configuration.

I consulted MS article 172953...
http://support.microsoft.com/defaul...port/kb/articles/q172/9/53.asp&NoWebContent=1

Let's get some facts out:

WINNT BOX:
IP: 192.168.0.2
NAME: ACSERVEUR
DOMAIN: AUDIOCONTROLE
DNS SERVER in TCP/IP settings is 192.168.0.1 (router).

EMAIL SERVER BOX:
IP: 192.168.0.3
NAME: ACEMAIL
Connects to AUDIOCONTROLE domain

My laptops are now configured to connect to 192.168.0.3 for email but
AUDIOCNTRL.COM would be better.

NOTE: I can't use AUDIOCONTROLE.COM because that points to a third party box
that is hosting our web site. I _do not_ want to host our web site.

For now, I just want AUDIOCNTRL.COM to be resolved internally.

In the article, in the Creating Your DNS Server section, it says to "type the
IP address of your DNS server". Well, my DNS server is _this_ box and its
IP address is 192.168.0.2, so that's what I typed in. Is this ok ??

I continued and created the Reverse Lookup Zone and supplied
168.192.in-addr.arpa. Is this ok ??

When I got to the point to create the Forward Lookup Zone, an A record was
supposed to be created but was not. According to the article, I need to
check the DNS settings in the TCP/IP settings. Ok, so what do I put there ?

That's pretty much where I'm standing now.

Thanks for your patience and again sorry for my overwhelming ignorance on
the subject, but I do need to get this thing up.


--
Stephane Hebert
Audio Controle
www.audiocontrole.com
1-819-569-9986
1-800-567-2711
Stephane Hebert <[email protected]> made a post then I commented below
 
Ace,

Just in case this helps, here's the result of ipconfig /all on the NT box:


Windows NT IP Configuration

Host Name . . . . . . . . . : acserveur.audiocntrl.com
DNS Servers . . . . . . . . : 192.168.0.1
Node Type . . . . . . . . . : Broadcast
NetBIOS Scope ID. . . . . . :
IP Routing Enabled. . . . . : No
WINS Proxy Enabled. . . . . : No
NetBIOS Resolution Uses DNS : No

Ethernet adapter El90x1:
Description . . . . . . . . : 3Com 3C90x Ethernet Adapter
Physical Address. . . . . . : 00-50-DA-20-B0-55
DHCP Enabled. . . . . . . . : No
IP Address. . . . . . . . . : 192.168.0.2
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : 192.168.0.1

Stephane


"Ace Fekay [MVP]"
 
In
Stephane Hebert said:
Ace,

Man am I lost.

OK, I installed the DNS server service on my WinNT box but I'm
confused for configuration.

I consulted MS article 172953...
http://support.microsoft.com/defaul...port/kb/articles/q172/9/53.asp&NoWebContent=1

Let's get some facts out:

WINNT BOX:
IP: 192.168.0.2
NAME: ACSERVEUR
DOMAIN: AUDIOCONTROLE
DNS SERVER in TCP/IP settings is 192.168.0.1 (router).

EMAIL SERVER BOX:
IP: 192.168.0.3
NAME: ACEMAIL
Connects to AUDIOCONTROLE domain

My laptops are now configured to connect to 192.168.0.3 for email but
AUDIOCNTRL.COM would be better.

NOTE: I can't use AUDIOCONTROLE.COM because that points to a third
party box that is hosting our web site. I _do not_ want to host our
web site.

For now, I just want AUDIOCNTRL.COM to be resolved internally.

In the article, in the Creating Your DNS Server section, it says to
"type the IP address of your DNS server". Well, my DNS server is
_this_ box and its IP address is 192.168.0.2, so that's what I typed
in. Is this ok ??

I continued and created the Reverse Lookup Zone and supplied
168.192.in-addr.arpa. Is this ok ??

When I got to the point to create the Forward Lookup Zone, an A record
was supposed to be created but was not. According to the article, I
need to check the DNS settings in the TCP/IP settings. Ok, so what
do I put there ?

That's pretty much where I'm standing now.

Thanks for your patience and again sorry for my overwhelming
ignorance on the subject, but I do need to get this thing up.

Relax and have a drink, please.

That said, under Forward Lookup Zones, create a zone called
audiocontroler.com. It doesn't matter if someone else is hosting it. Under
the zone, create a new host record, but leave the name blank, and give it
the IP address of your webserver. Then create another host record called
www, and give it the same IP.

For your mailserver, create a record for it, what would you like to call it?
How about 'mail'? Create a host record called mail, then give it the IP
address of your mail server.

For your reverse zone, what you created will work:
168.192.in-addr.arpa.

But that takes up the whole /16 range. Maybe you want to chop it down to
just show your zone:
168.192.0.in-addr.arpa.

For TCP/IP properties, DNS tab, only use your DNS server you installed. DO
NOT USE THE ROUTER'S.
Is 192.168.0.2 your DNS server? Then JUST use and ONLY use that ONLY.
Do this for ALL machines.

In DNS properties, Forwarders tab, check the box to configure a forwarder.
Give it the IP address of your ISP's DNS server.

Hope that helps.

Ace
 
Ace,

Thanks for the help.

Ok, so I did what you said. Now I can ping my email server using these
names from another station.

acemail (that's the computer name)
acemail.audiocontrole.com. My guess is that this works only because
whatever is after acemail is ignored.

I can also ping the WINNT box name (acserveur)
but I get nothing if I ping audiocontrole.com. Is this normal ?

I did a screen shot of the DNS Manager. Can you tell me if everything looks
right ?
http://www.audiocontrole.com/support/DNS.jpg

The next step will be to enable access to the email server from the internet
using the same name (acemail).
I think I'll need some help with that <g>

Stephane

"Ace Fekay [MVP]"
 
Also, here's the ipconfig /all output from the machine I tested the pings
with

Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : dev
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : no-domain-set.bellcanada

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : no-domain-set.bellcanada
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-10-DC-CF-1D-3D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.2
Lease Obtained. . . . . . . . . . : October 6, 2004 10:11:36
Lease Expires . . . . . . . . . . : October 9, 2004 10:11:36

Stephane

"Ace Fekay [MVP]"
 
In
Stephane Hebert said:
Also, here's the ipconfig /all output from the machine I tested the
pings with

Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : dev
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : no-domain-set.bellcanada

Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : no-domain-set.bellcanada
Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-10-DC-CF-1D-3D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.12
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.2
Lease Obtained. . . . . . . . . . : October 6, 2004 10:11:36
Lease Expires . . . . . . . . . . : October 9, 2004 10:11:36

Stephane

Yes, this helps a little. Change the Primary DNS Suffix by going to My
Computer, rt-click, choose properties, under the Name ID tab or ComputerID
tab, click More, then set the primary DNS suffix to be audiocontrole.com.
You will be prompted to restart.


Ace
 
In
Stephane Hebert said:
Ace,

Thanks for the help.

Ok, so I did what you said. Now I can ping my email server using
these names from another station.

acemail (that's the computer name)
acemail.audiocontrole.com. My guess is that this works only because
whatever is after acemail is ignored.

I can also ping the WINNT box name (acserveur)
but I get nothing if I ping audiocontrole.com. Is this normal ?

I did a screen shot of the DNS Manager. Can you tell me if
everything looks right ?
http://www.audiocontrole.com/support/DNS.jpg

The next step will be to enable access to the email server from the
internet using the same name (acemail).
I think I'll need some help with that <g>

Stephane

If you ping just "acemail", the system will suffix the name with the search
suffix, which is audiocontrole.com.

You forgot to do this part below. This will allow you to ping or get to the
website without the www record:
If you want to get to it by using acemail.audiocontrole.com, then in the
external DNS (whomever is hosting it) you need to create that record giving
it the public IP address.

Ace
 
Ace,
If you ping just "acemail", the system will suffix the name with the search
suffix, which is audiocontrole.com.

You forgot to do this part below. This will allow you to ping or get to the
website without the www record:

But I tried to create a new host record without entering a name, but WinNT
won't let me. The OK button just stays dimmed.

Ok, so what's the idea behind creating a record without a name ?
If you want to get to it by using acemail.audiocontrole.com, then in the
external DNS (whomever is hosting it) you need to create that record giving
it the public IP address.

Ok, I'll try that. Thanks !

Stephane
 
In
Stephane Hebert said:
Ace,


But I tried to create a new host record without entering a name, but
WinNT won't let me. The OK button just stays dimmed.

Ok, so what's the idea behind creating a record without a name ?


Ok, I'll try that. Thanks !

Stephane

WinNT, hmm, forgot about that. Create a hostname called "@" (without the
quotes). See if that helps.

The idea behind this is to allow you to get to the website by
http://adiocontrole.com (without the www).

Ace
 
Ace,

"Ace Fekay [MVP]"
In Stephane Hebert <[email protected]> made a post then I commented below

WinNT, hmm, forgot about that. Create a hostname called "@" (without the
quotes). See if that helps.

The idea behind this is to allow you to get to the website by
http://adiocontrole.com (without the www).

Ok, tried with @, but it reports that it can't create @.audiocontrole.com.
So now I have audiocontrole.com and www with the IP of the server hosting
our web site.

Also, I called up the folks responsible for hosting our website to add a
host to our zone: acemail.audiocontrole.com -> 69.159.246.8 which is the IP
of my email server.

Stephane
 
Ace,

Also, after setting one of my stations DNS entry to point to my new DNS
server (192.168.0.2), I can't resolve mail.audiocontrole.com which is the IP
of
the third party hosting site. My internal email server is
acemail.audiocontrole.com. After setting the DNS server back to the router,
I can resolve mail.audiocontrole.com again.

Is it because I can't create the blank host record ?

Thanks

Stephane


"Ace Fekay [MVP]"
 
In
Stephane Hebert said:
Ace,

Also, after setting one of my stations DNS entry to point to my new
DNS server (192.168.0.2), I can't resolve mail.audiocontrole.com which
is the IP of
the third party hosting site. My internal email server is
acemail.audiocontrole.com. After setting the DNS server back to the
router, I can resolve mail.audiocontrole.com again.

Is it because I can't create the blank host record ?

Thanks

Stephane

Please don't do that, don't point DNS to your router. It will break
everything we're trying to achieve, that is, create a consistent method of
resolution. Besides, the DNS resolver doesn't work by toggling back and
forth the DNS entries (which is another topic entirely). Eventually you may
upgrade to Win2000 or 2003, and this will be very important at that time to
keep the 'best practice' of only using your internal DNS server(s). No ISP's,
router or any other external DNS, please.

Just easily create another entry called mail, just as you did acemail.

As for creating the blank entry in NT4 DNS, I just remembered you need to go
into the DNS folder in winnt\system32\dns and create it in there. You will
see your audiocontrole.com.dns file. Open it in notepad. Look thru it and
you will see your other entries, such as acemail and mail entries (hopefully
the one you just created). Create an entry in there that looks like this:

@ A 192.168.

Ace
 
Ace,
Please don't do that, don't point DNS to your router. It will break
everything we're trying to achieve, that is, create a consistent method of
resolution. Besides, the DNS resolver doesn't work by toggling back and
forth the DNS entries (which is another topic entirely). Eventually you may
upgrade to Win2000 or 2003, and this will be very important at that time to
keep the 'best practice' of only using your internal DNS server(s). No ISP's,
router or any other external DNS, please.

I didn't have much choice. It was either I wouldn't receive emails or I
would. I opted for getting emails <g>
Just easily create another entry called mail, just as you did acemail.

OK I did. Same result though.
My internal mail server with DNS set as 192.168.0.2, can't connect to
mail.audiocontrole.com (69.156.240.34).
With the DNS set as 192.168.0.1 all ok.

Here's what's in DNS subdir on the server:

audiocontrole.com.dns
-----------------------
;
; Database file audiocontrole.com.dns for audiocontrole.com zone.
; Zone version: 7l
;

@ IN SOA acserveur. Administrator. (
7 ; serial number
3600 ; refresh
600 ; retry
86400 ; expire
3600 ) ; minimum TTL

;
; Zone NS records
;

@ IN NS acserveur.

;
; Zone records
;

@ IN A 69.156.240.29
acemail IN A 192.168.0.3
mail IN A 69.156.240.34
www IN A 69.156.240.29


168.192.0.dns
----------------

;
; Database file 168.192.0.dns for 168.192.0.in-addr.arpa zone.
; Zone version: 1l
;

@ IN SOA acserveur. Administrator. (
1 ; serial number
3600 ; refresh
600 ; retry
86400 ; expire
3600 ) ; minimum TTL

;
; Zone NS records
;

@ IN NS acserveur.

;
; Zone records
;


As for creating the blank entry in NT4 DNS, I just remembered you need to go
into the DNS folder in winnt\system32\dns and create it in there. You will
see your audiocontrole.com.dns file. Open it in notepad. Look thru it and
you will see your other entries, such as acemail and mail entries (hopefully
the one you just created). Create an entry in there that looks like this:

@ A 192.168.

Ok, did that. Shouldn't it be 192.168.0.2 though and not just 192.168. ??
You said to create something that _looked like_ this. What should I put
there.
Doesn't seem to show up in the DNS Manager though. If I change this
manually, then go in the DNS manager and Update Database, the entry is
removed in the file.

At this point, acemail.audiocontrole.com works internally and externally,
thanks to you.
My only problem now is accessing mail.audiocontrole.com (hosted mail server)
if I use our DNS server instead of the router's or ISP.

Thanks

Stephane
 
In
Stephane Hebert said:
Ace,


I didn't have much choice. It was either I wouldn't receive emails
or I would. I opted for getting emails <g>

Well, I would say that your internal one should have all the records to get
to anyway. I don't see why just creating mail.audicontrole.com giving it
69.156.240.34 doesn't work using that internally? Are there two DNS entries
in TCP/IP properties? One the router, one the DNS server? If so, that can be
causing it due to the way the resolver service works.

Try nslookup and see what you get when you query mail.audiocontrole.com.
Make sure when you invoke nslookup, see what server it's using. If you like,
post the results back.

nslookup
mail.audiocontrole.com
answer pops up here.


OK I did. Same result though.
My internal mail server with DNS set as 192.168.0.2, can't connect to
mail.audiocontrole.com (69.156.240.34).
With the DNS set as 192.168.0.1 all ok.

Here's what's in DNS subdir on the server:

audiocontrole.com.dns
-----------------------
;
; Database file audiocontrole.com.dns for audiocontrole.com zone.
; Zone version: 7l
;

@ IN SOA acserveur. Administrator. (
7 ; serial number
3600 ; refresh
600 ; retry
86400 ; expire
3600 ) ; minimum TTL

;
; Zone NS records
;

@ IN NS acserveur.

;
; Zone records
;

@ IN A 69.156.240.29
acemail IN A 192.168.0.3
mail IN A 69.156.240.34
www IN A 69.156.240.29


168.192.0.dns
----------------

;
; Database file 168.192.0.dns for 168.192.0.in-addr.arpa zone.
; Zone version: 1l
;

@ IN SOA acserveur. Administrator. (
1 ; serial number
3600 ; refresh
600 ; retry
86400 ; expire
3600 ) ; minimum TTL

;
; Zone NS records
;

@ IN NS acserveur.

;
; Zone records
;




Ok, did that. Shouldn't it be 192.168.0.2 though and not just
192.168. ?? You said to create something that _looked like_ this.
What should I put there.

Sorry, you wanted the external mail server to point to this address or do
you want an internal machine? If I'm reading you correctly, just as you did
that shows up above in the DNS file:
; Zone records
;

@ IN A 69.156.240.29
acemail IN A 192.168.0.3
mail IN A 69.156.240.34
www IN A 69.156.240.29

You are saying this record is disappearing when you update the file?
@ IN A 69.156.240.29

Doesn't seem to show up in the DNS Manager though. If I change this
manually, then go in the DNS manager and Update Database, the entry is
removed in the file.


I think you don't want to 'update database', since it will update it from
what it sees in the DNS manager. Just hit refresh and see what happens.


Ace
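
The split-DNS setup discussed in this thread makes the internal server authoritative for audiocontrole.com, so any name the hosting provider publishes but the internal zone file lacks will not resolve for LAN clients (an authoritative server answers "no such name" instead of forwarding). The following Python sketch is an added example, not code from any poster in the thread: it parses the zone file posted above and compares it with a constructed sample of the public zone. The `ftp` record and 192.0.2.10 are hypothetical; the other addresses are the ones quoted in the thread.

```python
import ipaddress

ORIGIN = "audiocontrole.com"

# Internal zone file as posted in the thread (NT4 DNS server at 192.168.0.2).
INTERNAL_ZONE = """\
@ IN SOA acserveur. Administrator. (
7 ; serial number
3600 ; refresh
600 ; retry
86400 ; expire
3600 ) ; minimum TTL
@ IN NS acserveur.
@ IN A 69.156.240.29
acemail IN A 192.168.0.3
mail IN A 69.156.240.34
www IN A 69.156.240.29
"""

# Constructed sample of the hosting provider's public zone. Addresses for
# @, www, mail and acemail are those quoted in the thread; "ftp" and
# 192.0.2.10 (documentation range) are hypothetical.
PUBLIC_ZONE = """\
@ IN A 69.156.240.29
www IN A 69.156.240.29
mail IN A 69.156.240.34
acemail IN A 69.159.246.8
ftp IN A 192.0.2.10
"""


def parse_a_records(zone_text, origin=ORIGIN):
    """Return {fqdn: set(ip)} for the A records in a zone file."""
    records = {}
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments
        if len(fields) < 3 or "A" not in fields[1:-1]:
            continue                            # SOA, NS, SOA continuation lines
        owner, addr = fields[0].lower(), fields[fields.index("A", 1) + 1]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue                            # e.g. a truncated "192.168."
        if owner == "@":
            fqdn = origin                       # zone apex (the "blank" host)
        elif owner.endswith("."):
            fqdn = owner.rstrip(".")
        else:
            fqdn = f"{owner}.{origin}"
        records.setdefault(fqdn, set()).add(ip)
    return records


def audit(internal, public):
    """Classify each name the way a LAN client of the internal zone sees it."""
    findings = {}
    for name in sorted(set(internal) | set(public)):
        inside, outside = internal.get(name), public.get(name)
        if inside is None:
            findings[name] = "missing-internally"  # LAN clients get a name error
        elif outside is None:
            findings[name] = "internal-only"
        elif inside == outside:
            findings[name] = "mirrored"            # hand copy, must track the provider
        elif all(ip.is_private for ip in inside):
            findings[name] = "nat-override"        # private address for LAN clients
        else:
            findings[name] = "mismatch"
    return findings


if __name__ == "__main__":
    result = audit(parse_a_records(INTERNAL_ZONE), parse_a_records(PUBLIC_ZONE))
    for name, status in result.items():
        print(f"{name:28} {status}")
```

Every `mirrored` entry is a manual copy of a provider-controlled address, so it has to be rechecked whenever the hosting provider renumbers.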